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WHAT IS CLAIMED IS: 

1 . A tunneling system, comprising: 

a service publishing/tunneling server coupled to a wide-area network; and 

a service proxy, coupled to one or more computer systems, for implementing one 

or more service proxy functions; 
5 wherein a TCP service for said one or more client computer systems is available 

from said server through said service proxy. 

2. The tunneling system of claim 1 wherein said one or more computer 
systems are separated from said server by one or more firewalls. 

3. The tunneling system of claim 1 wherein said one or more computer 
10 systems are included in different enterprise networks. 

4. The tunneling system of claim 3 further comprising one or more clients 
and one or more server applications distributed over said one or more computer systems. 

5. The tunneling system of claim 4 wherein a client part includes an indirect 
connection to a server application. 

15 6. The tunneling system of claim 1 wherein said TCP service is published to 

said server by said service proxy. 

7. The tunneling system of claim 6 wherein said service proxy sends publish 
information to said server after creating a connection to said server. 

8. The tunneling system of claim 7 wherein said service proxy saves a service 
20 key returned by said server. 

9. The tunneling system of claim 8 wherein said service proxy creates a 
mapping entry responsive to said service key. 

10. The tunneling system of claim 6 wherein said server creates a pseudo DNS 
name for said service. 
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1 1. The tunneling system of claim 6 wherein said server creates a service key 
responsive to said publish information. 

1 2. The tunneling system of claim 9 wherein said server creates a pseudo DNS 
name for said service. 

5 13. The tunneling system of claim 9 wherein said server creates a service key 

responsive to said publish information. 

14. The tunneling system of claim 12 wherein said server creates a service key 
responsive to said publish information. 

15. The tunneling system of claim 1 wherein one of said computer systems 
10 includes a client application, and wherein said client application includes a TCP socket 

hooking service to selectively respond to TCP service calls. 

16. The tunneling system of claim 15 wherein said hooking service is 
responsive to a connect() call to selectively redirect said call based upon a content of said 
connect() call. 

15 17 The tunneling system of claim 1 0 wherein one of said computer systems 

includes a client application, and wherein said client application includes a TCP socket 
hooking service to selectively respond to TCP service calls. 

1 8. The tunneling system of claim 1 7 wherein said hooking service is 
responsive to a connect() call to selectively redirect said call based upon a content of said 

20 connect() call. 

1 9. The tunneling system of claim 1 8 wherein said content of said connect() 
call includes said pseudo DNS name. 

20. The tunneling system of claim 19 wherein said one client application 
incldues a redirector process. 

25 21 . The tunneling system of claim 10 wherein said pseudo DNS is resolved at 

a client side. 

22. A method for tunneling a TCP service, the method comprising: 
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a) connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 
to one or more computer systems for implementing one or more service proxy functions; 

b) sending, from said proxy, publishing information for a particular service to 
said server; 

c) receiving a service key for said particular service from said server; and 

d) using said service key to provide said particular service to said one or 
more client computer systems from said server through said service proxy. 

23. The method of claim 22 further comprising: 

e) creating a mapping entry on said service proxy responsive to said service 
key and to said publishing information. 

24. The method of claim 23 wherein said mapping entry includes a pseudo 
DNS name. 

25. The method of claim 24 wherein said pseudo DNS name was generated by 
said server responsive to said publishing information. 

26. The method of claim 24 wherein said DNS name is resolved on a client 

side. 

27. The method of claim 26 wherein said DNS name is resolved without 
accessing an external DNS service outside the service proxy. 

28. The method of claim 22 further comprising: 

e) redirecting a TCP connect call from a client application to a server peer via 
a connection chain using a redirector process. 

29. The method of claim 28 wherein said step of redirecting e) is responsive to 
said pseudo DNS name and said service key. 

30. The method of claim 28 wherein said connection chain is a virtual TCP 
connection that functions as a real TCP connection. 
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3 1 . The method of claim 30 wherein said chain connection couples, in 
sequence, said client application to said redirector process to said publishing/tunneling 
server to said service proxy to said server peer. 

32. The method of claim 31 wherein said virtual TCP connection is a two-way 
5 connection between said client application and said server peer wherein data transfer may 

occur in both directions. 

33. A method for tunneling a TCP service, the method comprising: 

a) connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 
to one or more computer systems for implementing one or more service proxy functions; 

b) receiving, from said proxy, publishing information for a particular service 
at said server; and 

c) transmitting a service key for said particular service from said server; 
wherein said service key is used to provide said particular service to said one or more 
client computer systems from said server through said service proxy. 

34. An apparatus for tunneling, comprising: 

means for connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 
to one or more computer systems for implementing one or more service proxy functions; 
20 means for sending, from said proxy, publishing information for a particular 

service to said server; 

means for receiving a service key for said particular service from said server; and 
means for using said service key to provide said particular service to said one or 
more client computer systems from said server through said service proxy. 

35. An apparatus for tunneling, comprising: 

means for connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 
to one or more computer systems for implementing one or more service proxy functions; 

means for receiving, from said proxy, publishing information for a particular 
service at said server; and 
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means for transmitting a service key for said particular service from said server; 
wherein said service key is used to provide said particular service to said one or more 
client computer systems from said server through said service proxy. 

36. A computer program product comprising a computer readable medium 
5 carrying program instructions for tunneling TCP services when executed using two or 

more computing systems each coupled to a global area network, the executed program 
instructions executing a method, the method comprising: 

a) connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 

10 to one or more computer systems for implementing one or more service proxy functions; 

b) sending, from said proxy, publishing information for a particular service to 
said server; 

c) receiving a service key for said particular service from said server; and 

d) using said service key to provide said particular service to said one or 
1 5 more client computer systems from said server through said service proxy. 

37. The computer program product of claim 36 further comprising: 

e) creating a mapping entry on said service proxy responsive to said service 
key and to said publishing information. 

38. The computer program product of claim 37 wherein said mapping entry 
20 includes a pseudo DNS name. 

39. The computer program product of claim 38 wherein said pseudo DNS 
name was generated by said server responsive to said publishing information. 

40. The computer program product of claim 38 wherein said DNS name is 
resolved on a client side. 

25 41 . The computer program product of claim 40 wherein said DNS name is 

resolved without accessing an external DNS service. 

42. A computer program product comprising a computer readable medium 
carrying program instructions for tunneling TCP services when executed using two or 
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more computing systems each coupled to a global area network, the executed program 
instructions executing a method, the method comprising: 

a) connecting a service proxy to a service publishing/tunneling server, 
wherein said server is coupled to a wide-area network and said service proxy is coupled 

5 to one or more computer systems for implementing one or more service proxy functions; 

b) receiving, from said proxy, publishing information for a particular service 
at said server; and 

c) transmitting a service key for said particular service from said server; 
wherein said service key is used to provide said particular service to said one or more 

10 client computer systems from said server through said service proxy. 



